Wascap Specification - Security
One of the many reasons people are excited about WebAssembly is the portability of a WebAssembly module. The instruction set and binary format will work anywhere, on any operating system and on any CPU (virtual or otherwise) provided there is a valid runtime host. This gives us an amazing opportunity to finally leverage write-once, run everywhere technology. However, there’s nothing inherent in the WebAssembly file format that addresses the concerns of security and provenance.
Wascap security starts with a JWT embedded into each guest WebAssembly module. Each JWT has a signature created using an ed25519 key. In the case of the Rust implementations, we’re using an encoding standard for ed25519 keys called nkeys, which makes the public and private keys readable by humans and adds a custom prefix that gives us a clue as to which type of key we’re looking at.
The signature of the JWT lets us know that the JWT is valid. Within the JWT, the issuer and subject fields give us the identity and provenance of the module, and the hash field inside the JWT allows us to verify that the WebAssembly module has not been tampered with since it was signed.
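The tamper check described above, sketched in Python as an added example (not code from the wascap project). It checks the hash claim only; a real verifier must first validate the JWT's ed25519 signature before trusting any claim. Assumptions not stated on this page: the token lives in a custom section named `jwt`, the hash claim sits at `wascap.hash`, and it is the hex SHA-256 of the module with that section removed; `SAMPLE` and `embed` are constructed fixtures.

```python
import base64, hashlib, hmac, json
HEADER = b"\0asm\x01\0\0\0"                 # WebAssembly magic + version 1
SAMPLE = HEADER + b"\x01\x04\x01\x60\0\0"   # constructed module: one type section

def leb128(buf, pos):
    """Decode an unsigned LEB128 integer, returning (value, next position)."""
    value = shift = 0
    while True:
        byte = buf[pos]                     # IndexError if the input is truncated
        value |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if byte < 0x80:
            return value, pos

def split_module(module, name=b"jwt"):
    """Return (module without the token section, token bytes or None)."""
    if module[:8] != HEADER:
        raise ValueError("not a WebAssembly module")
    rest, token, pos = bytearray(HEADER), None, 8
    while pos < len(module):
        size, body = leb128(module, pos + 1)
        end = body + size
        if end > len(module):
            raise ValueError("section overruns module")
        n, p = leb128(module, body) if module[pos] == 0 else (0, body)
        if module[pos] == 0 and module[p:p + n] == name:
            token = module[p + n:end]       # assumed: custom section holding the JWT
        else:
            rest += module[pos:end]         # every other section is covered by the hash
        pos = end
    return bytes(rest), token

def hash_matches(module):
    """True only when the token's hash claim equals the stripped module's digest."""
    rest, token = split_module(module)
    parts = (token or b"").split(b".")
    if len(parts) != 3:
        return False                        # unsigned or malformed token: reject
    pad = b"=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(parts[1] + pad))
    claimed = str(claims.get("wascap", {}).get("hash", ""))  # assumed claim path
    digest = hashlib.sha256(rest).hexdigest()
    return hmac.compare_digest(claimed.lower().encode(), digest.encode())

def embed(module, claims):
    """Constructed sample only: append a token section with a placeholder signature."""
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    body = b"\x03jwt" + b"e30." + payload + b".c2ln"  # header "{}", fake signature
    return module + b"\0" + bytes([len(body) & 0x7F | 0x80, len(body) >> 7]) + body
```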